efgonzo61
Members
Posts: 20
Reputation: 0 Neutral
Scour redirect virus removal help needed
efgonzo61 replied to efgonzo61's topic in Resolved Malware Removal Logs
Hi Maniac, just wanted to let you know it will be a few more days before I can get to the infected computer to try your latest suggestions.
Scour redirect virus removal help needed
efgonzo61 replied to efgonzo61's topic in Resolved Malware Removal Logs
Hi Maniac, I followed the link you gave me to delete the Scour malware, but unfortunately when I went to do as instructed the Scour toolbar did not show up on the programs list anywhere. No reference to Scour anywhere. This is a tough one to get rid of, looks like.
Scour redirect virus removal help needed
efgonzo61 replied to efgonzo61's topic in Resolved Malware Removal Logs
Hi Maniac, I ran the OTL test as instructed. Here are the results:

OTL logfile created on: 5/16/2012 7:19:44 PM - Run 1
OTL by OldTimer - Version 3.2.43.0     Folder = C:\Users\Don Gonsalves\Desktop
Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.97 Gb Total Physical Memory | 1.06 Gb Available Physical Memory | 54.15% Memory free
3.93 Gb Paging File | 2.16 Gb Available in Paging File | 54.93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.20 Gb Total Space | 185.40 Gb Free Space | 83.06% Space Free | Partition Type: NTFS

Computer Name: DONGONSALVES-PC | User Name: Don Gonsalves | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/16 19:16:46 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Don Gonsalves\Desktop\OTL.exe
PRC - [2012/05/15 09:43:39 | 001,116,544 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe
PRC - [2012/04/29 18:43:00 | 000,932,736 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe
PRC - [2012/04/22 21:00:55 | 002,639,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2012/04/19 04:51:54 | 001,254,992 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2012/03/19 05:18:12 | 000,979,840 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2012/03/07 17:27:25 | 003,905,920 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2012/02/25 09:12:52 | 000,307,824 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/02/14 04:53:14 | 000,758,112 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2012/02/14 04:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/10/01 09:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 09:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/09/26 16:09:24 | 000,277,832 | ---- | M] (AOL Inc.) -- c:\Program Files\AOL Toolbar\aoltbServer.exe
PRC - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2010/03/08 03:27:49 | 000,041,800 | ---- | M] (AOL Inc.) -- C:\Program Files\Common Files\aol\1277647536\ee\aolupdates.exe
PRC - [2010/03/08 03:27:49 | 000,041,800 | ---- | M] (AOL Inc.) -- C:\Program Files\Common Files\aol\1277647536\ee\aolsoftware.exe
PRC - [2009/12/29 17:35:38 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/10/28 10:38:50 | 000,039,272 | ---- | M] (AOL, LLC.) -- C:\Program Files\AOL 9.5\waol.exe
PRC - [2009/10/28 10:38:49 | 000,054,632 | ---- | M] (AOL, LLC.) -- C:\Program Files\AOL 9.5\shellmon.exe
PRC - [2009/08/17 17:40:54 | 000,079,168 | ---- | M] (Broadcom Corp.) -- C:\Program Files\Broadcom\BPowMon\BPowMon.exe
PRC - [2009/07/13 21:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/03/31 18:01:42 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
PRC - [2008/01/22 13:35:52 | 000,103,808 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe
PRC - [2005/10/07 21:01:52 | 003,032,576 | ---- | M] () -- C:\Program Files\StorageSync\StrgSync.exe

========== Modules (No Company Name) ==========

MOD - [2012/05/16 13:23:09 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012/05/16 13:23:07 | 000,065,024 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012/05/15 09:43:39 | 001,116,544 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2012/04/29 18:43:01 | 000,130,944 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\SiteSafety.dll
MOD - [2012/04/18 18:44:26 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2012/04/18 18:44:26 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2009/10/28 10:38:50 | 000,081,920 | ---- | M] () -- C:\Program Files\AOL 9.5\xmltok.dll
MOD - [2009/10/28 10:38:50 | 000,053,248 | ---- | M] () -- C:\Program Files\AOL 9.5\xmlparse.dll
MOD - [2009/10/28 10:38:50 | 000,045,056 | ---- | M] () -- C:\Program Files\AOL 9.5\zlib.dll
MOD - [2005/10/07 21:01:52 | 003,032,576 | ---- | M] () -- C:\Program Files\StorageSync\StrgSync.exe

========== Win32 Services (SafeList) ==========

SRV - [2012/05/11 07:58:44 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/04/29 18:43:00 | 000,932,736 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe -- (vToolbarUpdater11.0.2)
SRV - [2012/04/20 21:19:00 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/10/01 09:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/09/01 09:17:00 | 001,025,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2010/06/27 07:52:53 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/08/17 17:40:54 | 000,079,168 | ---- | M] (Broadcom Corp.) [Auto | Running] -- C:\Program Files\Broadcom\BPowMon\BPowMon.exe -- (BPowMon)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/03/31 18:01:42 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe -- (AERTFilters)
SRV - [2008/01/22 13:35:52 | 000,103,808 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) [On_Demand | Running] -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe -- (AOL ACS)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\DONGON~1\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/04/19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/03/19 05:17:28 | 000,301,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/02/22 05:25:32 | 000,235,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/01/31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/12/23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/12/23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011/12/23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011/12/23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2011/10/01 09:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2011/10/01 09:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2011/10/01 09:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2011/10/01 09:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/06/15 19:35:17 | 000,035,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/08/21 16:50:48 | 000,273,960 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink
DRV - [2006/11/29 18:24:57 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2003/08/29 04:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMSM.sys -- (BCMModem)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{00BAAAA3-110C-4917-B01D-61689043FC7A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect.search.aol.com/redirector/sredir?sredir=843&query={searchTerms}&invocationType=tb50-ie-aol-chromesbox-en-us&tb_uuid=20101102183133441&tb_oid=27-06-2010&tb_mrud=30-09-2011
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = about:blank
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {443789B7-F39C-4b5c-9287-DA72D38F4FE6}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = about:blank
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {443789B7-F39C-4b5c-9287-DA72D38F4FE6}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2579679182-146959318-3495416509-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USSMB/1
IE - HKU\S-1-5-21-2579679182-146959318-3495416509-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-2579679182-146959318-3495416509-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USSMB/1
IE - HKU\S-1-5-21-2579679182-146959318-3495416509-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2579679182-146959318-3495416509-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={1D63AE9F-C341-4692-9CBC-2C7D38D72C11}&mid=6f4633160e2d9844072cf133841a9843-f463f1d4b109e85685a5eaca8e3310798c5cdcbd&lang=en&ds=AVG&pr=fr&d=2012-05-15 09:43:40&v=11.0.0.9&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-2579679182-146959318-3495416509-1000\..\SearchScopes\{A038D07F-C0A5-4FDB-9F6E-C8B8E6728BB9}: "URL" = 
IE - HKU\S-1-5-21-2579679182-146959318-3495416509-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/05/15 09:43:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.0.0.9\ [2012/04/29 18:43:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/05/15 09:42:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/12 20:57:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/05/12 20:58:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Don Gonsalves\AppData\Roaming\Mozilla\Extensions
[2012/05/16 19:18:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Don Gonsalves\AppData\Roaming\Mozilla\Firefox\Profiles\ztyliy5e.default\extensions
[2012/05/12 20:57:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/05/15 09:42:37 | 000,000,000 | ---D | M] (AVG Do Not Track) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX\DONOTTRACK
[2012/04/29 18:43:05 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\11.0.0.9
[2012/04/20 21:19:34 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/05/15 09:43:36 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/04/20 21:18:25 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/04/20 21:18:25 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/04/22 21:00:46 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (AOL Toolbar) - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (AOL Toolbar) - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
O3 - HKU\S-1-5-21-2579679182-146959318-3495416509-1000\..\Toolbar\WebBrowser: (AOL Toolbar) - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\aol\1277647536\ee\aolsoftware.exe (AOL Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 File not found
O4 - HKLM..\Run: [StrgSync.exe] C:\Program Files\StorageSync\StrgSync.exe ()
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-21-2579679182-146959318-3495416509-1000..\Run: [AOL Fast Start] C:\Program Files\AOL 9.5\AOL.EXE (AOL, LLC.)
O4 - HKU\S-1-5-21-2579679182-146959318-3495416509-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil11f_ActiveX.exe -update activex File not found
O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil11f_ActiveX.exe -update activex File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2579679182-146959318-3495416509-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2579679182-146959318-3495416509-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O15 - HKU\S-1-5-21-2579679182-146959318-3495416509-1000\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{84F609E4-4E22-4BD8-A9FE-AECC78B3AA54}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/16 19:16:46 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Don Gonsalves\Desktop\OTL.exe
[2012/05/15 09:43:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/05/12 20:57:58 | 000,000,000 | ---D | C] -- C:\Users\Don Gonsalves\AppData\Roaming\Mozilla
[2012/05/12 20:57:58 | 000,000,000 | ---D | C] -- C:\Users\Don Gonsalves\AppData\Local\Mozilla
[2012/05/12 20:57:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/05/12 20:57:50 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/05/12 20:57:47 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/05/08 16:19:28 | 000,000,000 | ---D | C] -- C:\Users\Don Gonsalves\Documents\Briankeepingeyeontheball
[2012/05/07 11:24:07 | 000,000,000 | ---D | C] -- C:\Users\Don Gonsalves\Documents\Daniellookingatcamera
[2012/05/04 21:54:46 | 000,000,000 | ---D | C] -- C:\Users\Don Gonsalves\Documents\FieldDiagram2012-1
[2012/05/04 15:41:34 | 000,000,000 | ---D | C] -- C:\Users\Don Gonsalves\Documents\ANNUALMEETINGAGENDA(2012)
[2012/05/03 21:59:25 | 000,000,000 | ---D | C] -- C:\Users\Don Gonsalves\Documents\ChristTh
[2012/05/01 20:47:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/05/01 20:46:47 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012/05/01 20:45:37 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/04/30 19:24:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/04/30 14:19:42 | 000,000,000 | ---D | C] -- C:\Users\Don Gonsalves\AppData\Local\AVG Secure Search
[2012/04/30 09:32:33 | 000,000,000 | ---D | C] -- C:\Users\Don Gonsalves\Documents\4_27_2012_wtc_tower_1_shuttle_enterprise_fly_hdS_rr_001
[2012/04/26 17:35:22 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Don Gonsalves\Desktop\aswMBR.exe
[2012/04/24 19:21:11 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/04/22 21:01:07 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/04/22 20:58:58 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/04/20 11:49:27 | 000,000,000 | ---D | C] -- C:\Users\Don Gonsalves\AppData\Roaming\{90140011-0066-0409-0000-0000000FF1CE}
[2012/04/20 11:49:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Virtualized Applications
[2012/04/20 10:57:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Viewpoint
[2012/04/20 10:56:48 | 004,470,025 | R--- | C] (Swearware) -- C:\Users\Don Gonsalves\Desktop\ComboFix.exe
[2012/04/20 10:32:52 | 002,072,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Don Gonsalves\Desktop\tdsskiller.exe
[2012/04/20 10:14:01 | 000,399,264 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Don Gonsalves\Desktop\unhide.exe
[2012/04/19 04:50:26 | 000,024,896 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\avgidshx.sys
[2012/04/18 19:26:55 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/04/18 19:26:55 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/04/18 19:26:55 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/04/18 19:26:50 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/04/18 19:22:42 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/18 18:44:20 | 000,000,000 | ---D | C] -- C:\Users\Don Gonsalves\AppData\Roaming\SUPERAntiSpyware.com
[2012/04/18 18:44:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/04/18 18:43:54 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/04/18 18:43:54 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/04/18 18:43:30 | 016,090,640 | ---- | C] (SUPERAntiSpyware.com) -- C:\SAS_935F0.EXE
[2012/04/18 16:59:24 | 000,000,000 | ---D | C] -- C:\Users\Don Gonsalves\AppData\Roaming\Malwarebytes
[2012/04/18 16:59:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/04/18 16:59:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/04/18 16:59:19 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/04/18 16:59:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/04/18 16:56:05 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\mbam-setup-1.61.0.1400.exe
[2012/04/18 16:45:34 | 002,072,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\TDSSKiller.exe
[15 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[15 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/16 19:16:46 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Don Gonsalves\Desktop\OTL.exe
[2012/05/16 19:13:48 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/16 19:13:48 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/16 19:13:48 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/16 19:13:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/16 13:29:58 | 000,014,240 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/16 13:29:58 | 000,014,240 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/16 13:22:39 | 1582,931,968 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/16 09:33:17 | 000,344,677 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/05/16 08:16:36 | 098,321,667 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/05/15 09:43:51 | 000,000,937 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/05/15 09:11:34 | 000,141,531 | ---- | M] () -- C:\Users\Don Gonsalves\Documents\Generation-Y.pdf
[2012/05/12 20:57:53 | 000,001,090 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/05/11 15:32:15 | 000,075,749 | ---- | M] () -- C:\Users\Don Gonsalves\Documents\image001.jpg
[2012/05/11 03:27:57 | 000,266,808 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/05/11 03:08:19 | 000,624,384 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/05/11 03:08:19 | 000,106,502 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/05/09 10:29:17 | 000,142,780 | ---- | M] () -- C:\Users\Don Gonsalves\Documents\20120508WPCAAdvisoryCommitteeReport2ndDraft.pdf
[2012/05/08 16:19:27 | 005,783,315 | ---- | M] () -- C:\Users\Don Gonsalves\Documents\Briankeepingeyeontheball.zip
[2012/05/07 14:26:06 | 000,142,348 | ---- | M] () -- C:\Users\Don Gonsalves\Documents\20120504WPCAAdvisoryCommitteeDraftReport.pdf
[2012/05/07 11:27:33 | 001,742,460 | ---- | M] () -- C:\Users\Don Gonsalves\Documents\cousingroupshotoutside.jpg
[2012/05/07 11:24:05 | 007,846,924 | ---- | M] () -- C:\Users\Don Gonsalves\Documents\Daniellookingatcamera.zip
[2012/05/06 10:40:10 | 006,485,504 | ---- | M] () -- C:\Users\Don Gonsalves\Documents\Lune.pps
[2012/05/04 21:54:46 | 000,143,337 | ---- | M] () -- C:\Users\Don Gonsalves\Documents\FieldDiagram2012-1.zip
[2012/05/04 15:41:33 | 000,170,592 | ---- | M] () -- C:\Users\Don Gonsalves\Documents\ANNUALMEETINGAGENDA(2012).zip
[2012/05/03 21:59:24 | 001,704,770 | ---- | M] () -- C:\Users\Don Gonsalves\Documents\ChristTh.zip
[2012/04/30 20:12:59 | 000,000,564 | -HS- | M] () -- C:\Windows\5951687drv.spi
[2012/04/30 19:17:49 | 133,330,512 | ---- | M] () -- C:\Users\Don Gonsalves\Desktop\setup_11.0.0.1245.x01_2012_05_01_01_37.exe
[2012/04/30 13:56:43 | 000,811,008 | ---- | M] () -- C:\Users\Don Gonsalves\Documents\MRAP_INCIDENT.pps
[2012/04/30 09:32:33 | 002,004,101 | ---- | M] () -- C:\Users\Don Gonsalves\Documents\4_27_2012_wtc_tower_1_shuttle_enterprise_fly_hdS_rr_001.zip
[2012/04/26 17:37:30 | 000,000,512 | ---- | M] () -- C:\Users\Don Gonsalves\Desktop\MBR.dat
[2012/04/26 17:35:22 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Don Gonsalves\Desktop\aswMBR.exe
[2012/04/22 21:00:55 | 002,614,784 | ---- | M] () -- C:\Windows\expl.dat
[2012/04/22 21:00:55 | 000,286,720 | ---- | M] () -- C:\Windows\System32\winl.dat
[2012/04/22 21:00:46 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/04/20 10:56:48 | 004,470,025 | R--- | M] (Swearware) -- C:\Users\Don Gonsalves\Desktop\ComboFix.exe
[2012/04/20 10:33:04 | 002,072,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Don Gonsalves\Desktop\tdsskiller.exe
[2012/04/20 10:14:03 | 000,399,264 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Don Gonsalves\Desktop\unhide.exe
[2012/04/19 17:29:29 | 000,010,913 | ---- | M] () -- C:\Users\Don Gonsalves\Documents\IRS.html
[2012/04/19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\avgidshx.sys
[2012/04/18 18:44:03 | 000,001,963 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/04/18 18:43:42 | 016,090,640 | ---- | M] (SUPERAntiSpyware.com) -- C:\SAS_935F0.EXE
[2012/04/18 18:23:01 | 002,052,792 | ---- | M] () -- C:\tdsskiller.zip
[2012/04/18 16:59:20 | 000,001,093 | ---- | M] () -- C:\Users\Don Gonsalves\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/04/18 16:59:20 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/18 16:56:05 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\mbam-setup-1.61.0.1400.exe
[2012/04/18 16:45:34 | 002,072,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\TDSSKiller.exe
[15 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[15 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/15 09:11:33 | 000,141,531 | ---- | C] () -- C:\Users\Don Gonsalves\Documents\Generation-Y.pdf
[2012/05/12 20:57:53 | 000,001,102 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/05/12 20:57:53 | 000,001,090 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/05/11 15:32:14 | 000,075,749 | ---- | C] () -- C:\Users\Don Gonsalves\Documents\image001.jpg
[2012/05/11 07:58:45 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/09 10:29:15 | 000,142,780 | ---- | C] () -- C:\Users\Don Gonsalves\Documents\20120508WPCAAdvisoryCommitteeReport2ndDraft.pdf
[2012/05/08 16:18:45 | 005,783,315 | ---- | C] () -- C:\Users\Don Gonsalves\Documents\Briankeepingeyeontheball.zip
[2012/05/07 14:26:04 | 000,142,348 | ---- | C] () -- C:\Users\Don Gonsalves\Documents\20120504WPCAAdvisoryCommitteeDraftReport.pdf
[2012/05/07 11:27:22 | 001,742,460 | ---- | C] () -- C:\Users\Don Gonsalves\Documents\cousingroupshotoutside.jpg
[2012/05/07 11:23:12
| 007,846,924 | ---- | C] () -- C:\Users\Don Gonsalves\Documents\Daniellookingatcamera.zip [2012/05/06 10:39:28 | 006,485,504 | ---- | C] () -- C:\Users\Don Gonsalves\Documents\Lune.pps [2012/05/04 21:54:45 | 000,143,337 | ---- | C] () -- C:\Users\Don Gonsalves\Documents\FieldDiagram2012-1.zip [2012/05/04 15:41:32 | 000,170,592 | ---- | C] () -- C:\Users\Don Gonsalves\Documents\ANNUALMEETINGAGENDA(2012).zip [2012/05/03 21:59:12 | 001,704,770 | ---- | C] () -- C:\Users\Don Gonsalves\Documents\ChristTh.zip [2012/04/30 20:12:39 | 000,000,564 | -HS- | C] () -- C:\Windows\5951687drv.spi [2012/04/30 19:15:44 | 133,330,512 | ---- | C] () -- C:\Users\Don Gonsalves\Desktop\setup_11.0.0.1245.x01_2012_05_01_01_37.exe [2012/04/30 13:56:38 | 000,811,008 | ---- | C] () -- C:\Users\Don Gonsalves\Documents\MRAP_INCIDENT.pps [2012/04/30 09:32:20 | 002,004,101 | ---- | C] () -- C:\Users\Don Gonsalves\Documents\4_27_2012_wtc_tower_1_shuttle_enterprise_fly_hdS_rr_001.zip [2012/04/26 17:37:30 | 000,000,512 | ---- | C] () -- C:\Users\Don Gonsalves\Desktop\MBR.dat [2012/04/22 21:00:55 | 002,614,784 | ---- | C] () -- C:\Windows\expl.dat [2012/04/22 21:00:55 | 000,286,720 | ---- | C] () -- C:\Windows\System32\winl.dat [2012/04/19 17:29:29 | 000,010,913 | ---- | C] () -- C:\Users\Don Gonsalves\Documents\IRS.html [2012/04/18 19:26:55 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012/04/18 19:26:55 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012/04/18 19:26:55 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012/04/18 19:26:55 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012/04/18 19:26:55 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012/04/18 18:44:03 | 000,001,963 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2012/04/18 18:22:46 | 002,052,792 | ---- | C] () -- C:\tdsskiller.zip [2012/04/18 16:59:20 | 000,001,093 | ---- | C] () -- C:\Users\Don Gonsalves\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes 
Anti-Malware.lnk [2012/04/18 16:59:20 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2011/12/31 15:09:20 | 000,001,078 | -HS- | C] () -- C:\Users\Don Gonsalves\AppData\Local\bsc7o1i0dbmi [2011/12/31 15:09:20 | 000,000,000 | -HS- | C] () -- C:\ProgramData\bsc7o1i0dbmi [2011/02/20 10:27:22 | 000,000,000 | ---- | C] () -- C:\Windows\winfile.ini [2010/08/25 20:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin [2010/08/25 20:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin [2010/08/25 20:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin [2010/08/25 19:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll [2010/06/27 10:00:18 | 000,000,002 | ---- | C] () -- C:\Windows\msoffice.ini [2010/06/26 22:12:22 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat [2010/06/15 19:32:22 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll [2010/06/15 19:32:22 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll [2010/06/15 19:32:21 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config [2010/06/15 18:39:24 | 000,146,432 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL [2010/06/15 18:39:24 | 000,072,704 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL ========== LOP Check ========== [2012/04/11 16:52:13 | 000,000,000 | ---D | M] -- C:\Users\Don Gonsalves\AppData\Roaming\AVG2012 [2012/04/11 16:44:02 | 000,000,000 | ---D | M] -- C:\Users\Don Gonsalves\AppData\Roaming\Canon [2012/05/15 09:46:28 | 000,000,000 | ---D | M] -- C:\Users\Don Gonsalves\AppData\Roaming\SoftGrid Client [2010/06/26 19:50:34 | 000,000,000 | ---D | M] -- C:\Users\Don Gonsalves\AppData\Roaming\TP [2011/03/04 18:24:57 | 000,000,000 | ---D | M] -- C:\Users\Don Gonsalves\AppData\Roaming\Windows Live Writer [2012/04/20 11:49:27 | 000,000,000 | ---D | M] -- C:\Users\Don Gonsalves\AppData\Roaming\{90140011-0066-0409-0000-0000000FF1CE} [2012/05/15 07:25:20 
| 000,032,578 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > OTL Extras logfile created on: 5/16/2012 7:19:44 PM - Run 1 OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\Don Gonsalves\Desktop Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.97 Gb Total Physical Memory | 1.06 Gb Available Physical Memory | 54.15% Memory free 3.93 Gb Paging File | 2.16 Gb Available in Paging File | 54.93% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 223.20 Gb Total Space | 185.40 Gb Free Space | 83.06% Space Free | Partition Type: NTFS Computer Name: DONGONSALVES-PC | User Name: Don Gonsalves | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09EE17AC-CF52-4955-B698-0C42259241E1}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{1185CF95-6D58-4467-9135-13265FDB8D46}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{11FC0104-235F-4966-9F03-43157DA5D345}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{2F52CB17-1A7B-4BAF-8A72-95593F9D02AA}" = rport=10243 | protocol=6 | dir=out | app=system |
"{33201993-3E5A-4A1E-A2B0-79CC8D1121A7}" = rport=137 | protocol=17 | dir=out | app=system |
"{39C6CF7D-019F-4272-800C-D14896C9F24B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3F6D396F-E57F-4CBE-B3E4-468F581F3145}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4E73AD33-9BAF-47E1-A2C6-2D5A5DAEA029}" = rport=139 | protocol=6 | dir=out | app=system |
"{533708D3-C84D-4A39-95E7-D93F1B406856}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{541ABF3B-F80F-49F1-9839-F60A3541282E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5A9855C4-E003-4B90-9B93-0285F61454D1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{652C38E2-ED06-4137-AE2C-E81017AFCFC4}" = lport=139 | protocol=6 | dir=in | app=system |
"{6DE42F0A-0042-49DD-8E83-BD1A41B4BC60}" = lport=138 | protocol=17 | dir=in | app=system |
"{89DA3759-2144-49A4-8E23-DF25354ED161}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{946F578A-308A-400E-8BB4-491D288A58A4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9DE26AF3-6F10-4344-9419-BD33791698B0}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A2EE953D-4FEC-4995-A7A5-9C8203965C96}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{ACEC35A6-5B03-4665-BB30-CAE73E4D847F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B745E24A-1F94-4823-9016-E2FC79AA87A8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BE010A3F-84B4-422D-96EE-59C27FF6526F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C965FFFE-482E-4551-BBCF-EC4B47B01241}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{CD77D532-2E7D-4C81-BA05-26ADF79A939D}" = rport=445 | protocol=6 | dir=out | app=system |
"{D41E11AE-CFD2-4E64-8F40-D909130C5ED1}" = lport=10243 | protocol=6 | dir=in | app=system |
"{E559F1EE-8E10-4D9E-AB94-527D7FE8598B}" = lport=137 | protocol=17 | dir=in | app=system |
"{F150EB63-D5F1-429F-922E-4E40D5297793}" = rport=138 | protocol=17 | dir=out | app=system |
"{F789DEEB-7AC4-496A-911C-C174EFDD683E}" = lport=445 | protocol=6 | dir=in | app=system |
"{FE437140-98EC-4C4F-B08D-E5A1157B3D75}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0042D8B6-0AA9-48E4-B214-CB3DE02D4A98}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{015BC2A5-0263-4E8A-8F97-E11D3893731F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0F0DA08F-6BF6-4A7B-A6B2-35487A3F79AA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{13A3C6B6-0F82-4249-A931-D171B210C19F}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{193B15F9-ADE4-4D79-911C-66C296212729}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{255FE731-F392-4303-8E49-C37A444C1069}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{2D26DCD1-3FB5-4098-A84D-B2F0B0E52A8E}" = protocol=17 | dir=in | app=c:\program files\common files\aol\1277606285\ee\aolsoftware.exe |
"{319049B9-3B36-41D9-BD45-B1968850C016}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{34F25E5E-2725-4998-9AFA-81920D8A35DE}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{36EBF430-665E-49B7-A1DC-1928028FB8A2}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{390BA130-8B22-4496-869B-045A03A1F8A9}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{3F019A56-EC00-4150-8A6C-F689CAB396E8}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{405C585B-6B3D-48CE-903D-DBA67198629A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{419A0DC5-97AE-4C5A-8A6E-816CD2CB2CB7}" = protocol=17 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{472211ED-EDE9-4EBD-A0EA-9B010C6D250A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{4D8B15F8-E659-46F5-885F-7DBCA48BC16E}" = protocol=17 | dir=in | app=c:\program files\common files\aol\1277647536\ee\aolsoftware.exe |
"{53936111-0E03-45A2-A5B5-6030EEC49A24}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{54689020-72D8-4B3D-9DDA-DF5606202FD4}" = protocol=6 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{628AA1F4-33E3-4E0C-A4AD-AE3174928849}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{679986E2-7292-4F2C-AED5-DF82DB46418D}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{6872A7FE-C736-4FEE-97C8-95A270E5EAA9}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{6D9620A7-8B46-4478-BB43-970385E984FA}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{70574E0E-D30E-4D77-966C-445B259D74B7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{72382432-9AC0-4142-A67C-C147DCFDE94F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8828B16E-C1B0-4E22-8BD5-B0EC143ABE4F}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{8A0C32E6-FCD7-43D1-8051-71115711C873}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{8C173E3C-F4DA-44AC-921D-47FC196EFFAF}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{91E80E89-D8F9-4931-9D84-C7D1342E4D54}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{937B872D-5E6F-4978-9129-F8CBCB95AE19}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |
"{94EB26C9-F943-483A-BBC2-6BD0DA742FE4}" = protocol=6 | dir=in | app=c:\program files\aol 9.5\waol.exe |
"{9CADA2DD-912A-4766-8CEC-63D22B68FB91}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{9DC142D6-3A21-4553-B4F9-C74B65D7F0A3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9EAD0CE9-5F46-4B45-A052-28D09F13D67E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{9F67E188-55E6-4E78-BE43-38C072E5A563}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{A1741499-7771-40B6-89B4-854630E69A0A}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{A39A5163-7141-4CCC-A269-1AAD18B680A5}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{A5AED326-96D7-4285-974C-1511FF7B2DDE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A7823F59-8A26-47F9-B4BC-BA0AA565433F}" = protocol=17 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{AAEB6F99-B0A8-483C-9167-59096712CBEE}" = protocol=6 | dir=in | app=c:\program files\common files\aol\1277647536\ee\aolsoftware.exe |
"{AAFBFD17-99D6-4E2B-8749-8AE96FEC8B4D}" = protocol=6 | dir=out | app=system |
"{B727D431-3772-470B-B4BB-A83E3B39AEE5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B7EFD681-6791-45D4-ADE9-B880789BF68C}" = protocol=6 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{B830D481-DCA2-444D-B38B-BC9317C53267}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{BDA817B9-C361-4CFF-9052-68B5DE02AD96}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C584221E-CE22-4323-A0C9-01715FDEF3AC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{CF21BDE7-819A-4A8C-98A1-17AAD7C1D13C}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{D27CA592-DA91-4A34-B12A-1CBF19721453}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{E6658C7D-2875-47ED-B3D5-556E7E616149}" = protocol=17 | dir=in | app=c:\program files\aol 9.5\waol.exe |
"{E837AA8F-23DB-4D4E-A300-F946F631A75E}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{EA264C02-1E47-408C-A2DF-7F8CECCBCECB}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{EA79DEBA-597B-44E3-9DDC-C64D95667749}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{F4FD5FE4-FB76-47D7-AAA8-850B22978E67}" = protocol=6 | dir=in | app=c:\program files\common files\aol\1277606285\ee\aolsoftware.exe |
"{F6C758AB-F6F2-4302-B7CE-2061AEA410E1}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{F963C324-DE02-469F-A162-A096B0CAEA46}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"TCP Query User{3F67C998-9864-4FE9-9F62-0A18FFA8EE23}C:\windows\system32\wfs.exe" = protocol=6 | dir=in | app=c:\windows\system32\wfs.exe |
"TCP Query User{46C73687-9E7E-4A13-8526-93191FE80F50}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{59ADCDE4-9E90-4A94-B2CB-33B456583673}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{29699F9F-4CD8-4615-B6DE-B5890F53556C}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{47A67026-A403-4995-A26B-B0B2207F669D}C:\windows\system32\wfs.exe" = protocol=17 | dir=in | app=c:\windows\system32\wfs.exe |
"UDP Query User{7CD3DA3A-B03E-4804-BBFA-FEF5F135A4A8}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2413" = CanoScan LiDE 100 Scanner Driver
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java 7 Update 4
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{553C904F-57A2-4113-888E-BA0C3D1C69C0}" = Microsoft VC9 runtime libraries
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5DB87A63-9420-48CC-9F9A-B8801D38D6B5}" = Broadcom Management Programs
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}" = Microsoft VC9 runtime libraries
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-006D-0409-0000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A325B368-A9EC-40EF-A95C-9DEAD3683AE3}" = Broadcom Gigabit NetLink Controller
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7836FF5-7293-40A4-B86E-E2038F82E8F3}" = AVG 2012
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA027AE9-DD20-4677-AA72-D760A358320B}" = Microsoft VC9 runtime libraries
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC474F86-9A17-4BCB-8B15-11ABFD5B7F95}" = Dell Backup and Recovery Manager
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.0
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F51C2A69-D2E2-4813-AAD7-618D2BF85DFD}" = AVG 2012
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AOL Emergency Connect Utility 1.0" = Uninstall AOL Emergency Connect Utility 1.0
"AOL Toolbar" = AOL Toolbar
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"ATT-RC" = ATT-RC Self Support Tool
"AVG" = AVG 2012
"BCM V.92 56K Modem" = BCM V.92 56K Modem
"Canon CanoScan LiDE 100 User Registration" = Canon CanoScan LiDE 100 User Registration
"CANONIJPLM100" = Inkjet Printer/Scanner Extended Survey Program
"CanonSolutionMenu" = Canon Utilities Solution Menu
"ESET Online Scanner" = ESET Online Scanner v3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"StorageSync" = StorageSync Backup Software
"WinLiveSuite" = Windows Live Essentials
"WinZip" = WinZip

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2579679182-146959318-3495416509-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"AOL Toolbar" = AOL Toolbar

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/12/2012 2:50:35 PM | Computer Name = DonGonsalves-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 2180
Start Time: 01cd3070144443e3
Termination Time: 10
Application Path: C:\Program Files\Internet Explorer\iexplore.exe
Report Id:

Error - 5/12/2012 8:44:14 PM | Computer Name = DonGonsalves-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16421, time stamp: 0x4d76255d
Faulting module name: ws2_32.dll, version: 6.1.7600.16385, time stamp: 0x4a5bdb4a
Exception code: 0xc0000005
Fault offset: 0x00006b44
Faulting process id: 0x238c
Faulting application start time: 0x01cd30a1841462c3
Faulting application path: C:\Program Files\Internet Explorer\iexplore.exe
Faulting module path: C:\Windows\system32\ws2_32.dll
Report Id: c2d9d003-9c94-11e1-99b3-00038a000015

Error - 5/12/2012 8:49:27 PM | Computer Name = DonGonsalves-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16421, time stamp: 0x4d76255d
Faulting module name: ws2_32.dll, version: 6.1.7600.16385, time stamp: 0x4a5bdb4a
Exception code: 0xc0000005
Fault offset: 0x00006b44
Faulting process id: 0x1bf8
Faulting application start time: 0x01cd30a23f69cb0a
Faulting application path: C:\Program Files\Internet Explorer\iexplore.exe
Faulting module path: C:\Windows\system32\ws2_32.dll
Report Id: 7d9e045a-9c95-11e1-99b3-00038a000015

Error - 5/12/2012 10:05:25 PM | Computer Name = DonGonsalves-PC | Source = Application Hang | ID = 1002
Description = The program waol.exe version 9.5.0.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 269c
Start Time: 01cd30acbdba9404
Termination Time: 0
Application Path: C:\Program Files\AOL 9.5\waol.exe
Report Id: 14602328-9ca0-11e1-99b3-00038a000015

Error - 5/12/2012 10:05:56 PM | Computer Name = DonGonsalves-PC | Source = Application Hang | ID = 1002
Description = The program waol.exe version 9.5.0.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 2634
Start Time: 01cd30acde28a7e2
Termination Time: 0
Application Path: C:\Program Files\AOL 9.5\waol.exe
Report Id: 296d4e94-9ca0-11e1-99b3-00038a000015

Error - 5/13/2012 7:51:21 AM | Computer Name = DonGonsalves-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16421, time stamp: 0x4d76255d
Faulting module name: ntdll.dll, version: 6.1.7600.16915, time stamp: 0x4ec49caf
Exception code: 0xc0000005
Fault offset: 0x00051f45
Faulting process id: 0x23b4
Faulting application start time: 0x01cd30fea40e5e02
Faulting application path: C:\Program Files\Internet Explorer\iexplore.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: f501f20e-9cf1-11e1-99b3-00038a000015

Error - 5/13/2012 7:52:05 AM | Computer Name = DonGonsalves-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16421, time stamp: 0x4d76255d
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x7ff93661
Faulting process id: 0x3134
Faulting application start time: 0x01cd30febf28a15a
Faulting application path: C:\Program Files\Internet Explorer\iexplore.exe
Faulting module path: unknown
Report Id: 0eba7d58-9cf2-11e1-99b3-00038a000015

Error - 5/14/2012 8:41:55 AM | Computer Name = DonGonsalves-PC | Source = CVHSVC | ID = 100
Description = Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: The server name or address could not be resolved

Error - 5/14/2012 6:03:50 PM | Computer Name = DonGonsalves-PC | Source = Application Hang | ID = 1002
Description = The program waol.exe version 9.5.0.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1404
Start Time: 01cd32003d0a5a2b
Termination Time: 253
Application Path: C:\Program Files\AOL 9.5\waol.exe
Report Id: a58ef60d-9e10-11e1-99b3-00038a000015

Error - 5/15/2012 7:25:19 AM | Computer Name = DonGonsalves-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5b0000
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00020d9a
Faulting process id: 0x498
Faulting application start time: 0x01cd3026f4f0bc2e
Faulting application path: C:\Windows\system32\svchost.exe
Faulting module path: unknown
Report Id: a6a44c51-9e80-11e1-99b3-00038a000015

[ System Events ]
Error - 5/15/2012 7:27:20 AM | Computer Name = DonGonsalves-PC | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: %%1056

Error - 5/15/2012 7:27:20 AM | Computer Name = DonGonsalves-PC | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: %%1056

Error - 5/15/2012 7:27:20 AM | Computer Name = DonGonsalves-PC | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error: %%1056

Error - 5/15/2012 9:48:32 AM | Computer Name = DonGonsalves-PC | Source = Service Control Manager | ID = 7000
Description = The IPsec Policy Agent service failed to start due to the following error: %%32

Error - 5/15/2012 9:48:32 AM | Computer Name
= DonGonsalves-PC | Source = Service Control Manager | ID = 7000 Description = The IPsec Policy Agent service failed to start due to the following error: %%32 Error - 5/15/2012 9:48:33 AM | Computer Name = DonGonsalves-PC | Source = Service Control Manager | ID = 7000 Description = The IPsec Policy Agent service failed to start due to the following error: %%32 Error - 5/15/2012 9:48:33 AM | Computer Name = DonGonsalves-PC | Source = Service Control Manager | ID = 7000 Description = The IPsec Policy Agent service failed to start due to the following error: %%32 Error - 5/15/2012 9:48:33 AM | Computer Name = DonGonsalves-PC | Source = Service Control Manager | ID = 7000 Description = The IPsec Policy Agent service failed to start due to the following error: %%32 Error - 5/15/2012 9:48:58 AM | Computer Name = DonGonsalves-PC | Source = Microsoft-Windows-Application-Experience | ID = 205 Description = The Program Compatibility Assistant service failed to perform the phase two initialization. Error - 5/15/2012 4:45:03 PM | Computer Name = DonGonsalves-PC | Source = DCOM | ID = 10010 Description = < End of report > -
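The "Last 10 Event Log Errors" block in the OTL log above is easier to triage when the records are parsed rather than read. The script below is an added example for this thread; it is not part of the original post and not OTL or Malwarebytes code. It parses Application Error (ID 1000) and Application Hang (ID 1002) records, counts crashes per process, and flags crashes whose faulting module is "unknown", meaning the faulting address was not inside any loaded image. That is the pattern injected or patched code produces, and in this log it appears twice, once in iexplore.exe and once in svchost.exe. The sample input is constructed from the records posted above, re-flowed one field per line.

```python
"""Triage the "Last 10 Event Log Errors" block of an OTL log.

Added example for this thread; it is not part of the original post and
not OTL or Malwarebytes code.  It parses Application Error (ID 1000)
and Application Hang (ID 1002) records, tallies crashes per process,
and flags crashes whose faulting module is "unknown": the faulting
instruction pointer was not inside any loaded image, which is what
injected or patched code produces and is worth chasing even when the
crashing process is a Microsoft binary such as svchost.exe.
"""
import re
from collections import Counter

# Constructed sample in OTL's format, copied from the log posted above
# (one field per line).
SAMPLE = r"""
Error - 5/12/2012 8:44:14 PM | Computer Name = DonGonsalves-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16421, time stamp: 0x4d76255d
Faulting module name: ws2_32.dll, version: 6.1.7600.16385, time stamp: 0x4a5bdb4a
Exception code: 0xc0000005
Fault offset: 0x00006b44
Faulting process id: 0x238c
Faulting application path: C:\Program Files\Internet Explorer\iexplore.exe
Faulting module path: C:\Windows\system32\ws2_32.dll
Error - 5/13/2012 7:52:05 AM | Computer Name = DonGonsalves-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16421, time stamp: 0x4d76255d
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x7ff93661
Faulting process id: 0x3134
Faulting application path: C:\Program Files\Internet Explorer\iexplore.exe
Faulting module path: unknown
Error - 5/14/2012 6:03:50 PM | Computer Name = DonGonsalves-PC | Source = Application Hang | ID = 1002
Description = The program waol.exe version 9.5.0.1 stopped interacting with Windows and was closed.
Process ID: 1404 Start Time: 01cd32003d0a5a2b Termination Time: 253 Application Path: C:\Program Files\AOL 9.5\waol.exe
Error - 5/15/2012 7:25:19 AM | Computer Name = DonGonsalves-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5b0000
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00020d9a
Faulting process id: 0x498
Faulting application path: C:\Windows\system32\svchost.exe
Faulting module path: unknown
"""

HEADER = re.compile(
    r"^Error - (?P<when>.+?) \| Computer Name = (?P<host>.+?) \| "
    r"Source = (?P<source>.+?) \| ID = (?P<id>\d+)",
    re.M,
)
DESCRIPTION = re.compile(r"Description = (.+)")
# Fields of an ID 1000 record; each value runs to the next comma or line end.
FIELD = re.compile(
    r"(Faulting application name|Faulting module name|Exception code|Fault offset"
    r"|Faulting process id|Faulting application path|Faulting module path): ([^,\n]+)"
)
HANG = re.compile(r"The program (\S+) version \S+ stopped interacting")


def parse_events(text):
    """Split the block into records and extract the fields used for triage."""
    heads = list(HEADER.finditer(text))
    events = []
    for i, head in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(text)
        body = text[head.end():end]
        event = head.groupdict()
        event["id"] = int(event["id"])
        desc = DESCRIPTION.search(body)
        event["description"] = desc.group(1).strip() if desc else ""
        for key, value in FIELD.findall(body):
            event[key.lower().replace(" ", "_")] = value.strip()
        events.append(event)
    return events


def process_name(event):
    """Name of the process the record is about, for both 1000 and 1002 events."""
    if event["id"] == 1000:
        return event.get("faulting_application_name")
    if event["id"] == 1002:
        match = HANG.search(event["description"])
        return match.group(1) if match else None
    return None


def crash_counts(events):
    """Crashes and hangs per process name."""
    return Counter(name for name in map(process_name, events) if name)


def suspicious_crashes(events):
    """ID 1000 records whose faulting module is not a mapped image."""
    return [
        e for e in events
        if e["id"] == 1000 and e.get("faulting_module_name", "").lower() == "unknown"
    ]


if __name__ == "__main__":
    events = parse_events(SAMPLE)
    for name, n in crash_counts(events).most_common():
        print(f"{n:2d}  {name}")
    for e in suspicious_crashes(events):
        print(f"FOLLOW UP: {e['when']} {e['faulting_application_path']} "
              f"crashed at {e['fault_offset']} outside any loaded module "
              f"(exception {e['exception_code']})")
```

A crash inside ws2_32.dll or ntdll.dll can be an ordinary bug; a crash at an address that belongs to no module, in a process that normally hosts only Microsoft code, is the one to pair with the ComboFix and Sigcheck findings later in this thread.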
Scour redirect virus removal help needed
efgonzo61 replied to efgonzo61's topic in Resolved Malware Removal Logs
Hi Maniac, I did the Internet Explorer reset as instructed. I am still getting the redirect. I downloaded the Firefox browser from Mozilla.org. I then used Internet Explorer to go to google.com. I put "scour redirect" in the Google search field. I then clicked on a result and I got the redirect. I then used Firefox and did the same thing and DID NOT get the redirect. So this virus is affecting Internet Explorer and not Firefox. Hope that sheds some light on this stubborn problem.
Scour redirect virus removal help needed
efgonzo61 replied to efgonzo61's topic in Resolved Malware Removal Logs
Hi Maniac, OK, I will try resetting the Internet Explorer settings. It might take me a few days to get to the affected computer due to work hours.
Scour redirect virus removal help needed
efgonzo61 replied to efgonzo61's topic in Resolved Malware Removal Logs
Hi Maniac, Yes, I still need help. Still getting the redirect when clicking on Google search results, using Internet Explorer.
Scour redirect virus removal help needed
efgonzo61 replied to efgonzo61's topic in Resolved Malware Removal Logs
Hi Maniac, I am using Internet Explorer as the browser when the redirects happen.
Scour redirect virus removal help needed
efgonzo61 replied to efgonzo61's topic in Resolved Malware Removal Logs
Hi Maniac, Uninstalled Java 6 Update 26 as instructed. I could not uninstall Java Auto Updater because I did not see it in my programs list to uninstall. I installed Java 7 JRE (note, for future reference, the link you gave me to install Java 7 takes you to a Java page where you can download either the JDK or the JRE. I had to do some investigation to see which one to install since I didn't know the correct one). The computer is still exhibiting the redirects from the Google search engine. Not every time; I'd say about 75% of the time it redirects the search. Still noticing the "credit-crush.com" page for a few seconds in the tab before it redirects.
Scour redirect virus removal help needed
efgonzo61 replied to efgonzo61's topic in Resolved Malware Removal Logs
Hi Maniac, Ran the Kaspersky Virus Removal Tool scan as instructed. It found 3 threats. I quarantined 2 of them and deleted one as instructed by the program.

Status: Quarantined (events: 2)
4/30/2012 8:12:40 PM Quarantined Trojan program HEUR:Exploit.Script.Generic C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HRQVA260\images[1].htm High
4/30/2012 8:13:00 PM Quarantined Trojan program HEUR:Exploit.Script.Generic C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IC1Y0737\images[1].htm High

Status: Disinfected (events: 2)
4/30/2012 8:12:24 PM Disinfected Trojan program Exploit.Java.CVE-2012-0507.q C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\5141ff24-615a64ed High
4/30/2012 8:12:24 PM Disinfected Trojan program Exploit.Java.CVE-2012-0507.q C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\5141ff24-615a64ed/ta/ta.class High
Scour redirect virus removal help needed
efgonzo61 replied to efgonzo61's topic in Resolved Malware Removal Logs
Hi Maniac, The computer still has the redirect when using google.com to search for a topic. I notice in my tabs that it briefly says "credit-crush.com" and then says redirecting. When I put "scour redirect" into google.com to do a search, usually when I click on one of the search results it then goes into the redirect mode. I tried going to yahoo.com and using their search engine, but the same thing happened. Got the redirect when attempting to connect to a Yahoo search result.
Scour redirect virus removal help needed
efgonzo61 replied to efgonzo61's topic in Resolved Malware Removal Logs
Hi Maniac, Ran the VirusTotal file check of the winlogon.exe file and I posted the link to the results as instructed. It seemed to have found a trojan of some sort. I also attached the aswMBR scan in my earlier posting. Awaiting your next instructions. Thanks.
Scour redirect virus removal help needed
efgonzo61 replied to efgonzo61's topic in Resolved Malware Removal Logs
Hi Maniac, Ran the winlogon.exe through virustotal.com and here is the result: https://www.virustotal.com/file/e04e230f0436eae6457bf275f9848113c73942aa23e15c3edace8d5b026304ad/analysis/1335475908/ Found 3 items. Ran aswMBR as instructed. Here is the log file from that scan.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-26 17:35:43
-----------------------------
17:35:43.126 OS Version: Windows 6.1.7600
17:35:43.126 Number of processors: 2 586 0x170A
17:35:43.126 ComputerName: DONGONSALVES-PC UserName: Don Gonsalves
17:36:09.873 Initialize success
17:36:48.847 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
17:36:48.847 Disk 0 Vendor: ST3250318AS CC45 Size: 238418MB BusType: 3
17:36:48.847 Disk 0 MBR read successfully
17:36:48.862 Disk 0 MBR scan
17:36:48.862 Disk 0 Windows VISTA default MBR code
17:36:48.862 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
17:36:48.878 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 9818 MB offset 81920
17:36:48.878 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 228559 MB offset 20189184
17:36:48.893 Disk 0 scanning sectors +488278016
17:36:48.940 Disk 0 scanning C:\Windows\system32\drivers
17:36:54.447 Service scanning
17:37:09.969 Modules scanning
17:37:15.195 Disk 0 trace - called modules:
17:37:15.211 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
17:37:15.226 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x855fc5f8]
17:37:15.226 3 CLASSPNP.SYS[88ba359e] -> nt!IofCallDriver -> [0x85148918]
17:37:15.226 5 ACPI.sys[8861b3b2] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85196030]
17:37:15.226 Scan finished successfully
17:37:30.421 Disk 0 MBR has been saved successfully to "C:\Users\Don Gonsalves\Desktop\MBR.dat"
17:37:30.436 The log file has been saved successfully to "C:\Users\Don Gonsalves\Desktop\aswMBR.txt"
Scour redirect virus removal help needed
efgonzo61 replied to efgonzo61's topic in Resolved Malware Removal Logs
Hi Maniac, Did the scan as instructed, no infected files found. Here is the log file from the ESET online scan:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK

Still having the redirect issue in Internet Explorer.
Scour redirect virus removal help needed
efgonzo61 replied to efgonzo61's topic in Resolved Malware Removal Logs
Hi Maniac, Here is the ComboFix log as instructed.

ComboFix 12-04-20.03 - Don Gonsalves 04/22/2012 20:45:55.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2013.1218 [GMT -4:00]
Running from: c:\users\Don Gonsalves\Desktop\ComboFix.exe
Command switches used :: c:\users\Don Gonsalves\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\expl.dat
c:\windows\system32\winl.dat
.
Infected copy of c:\windows\system32\winlogon.exe was found and disinfected
Restored copy from - c:\windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
.
c:\windows\system32\svchost.exe . . . is infected!!
.
Infected copy of c:\windows\explorer.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy5_!Windows!winsxs!x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373!explorer.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-03-23 to 2012-04-23 )))))))))))))))))))))))))))))))
.
.
2012-04-23 00:58 . 2012-04-23 00:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-20 15:49 . 2012-04-20 15:49 -------- d-----w- c:\users\Don Gonsalves\AppData\Roaming\{90140011-0066-0409-0000-0000000FF1CE}
2012-04-20 15:49 . 2012-04-20 15:49 -------- d-----w- c:\programdata\Virtualized Applications
2012-04-20 14:57 . 2012-04-20 14:57 -------- d-----w- c:\programdata\Viewpoint
2012-04-18 22:44 . 2012-04-18 22:44 -------- d-----w- c:\users\Don Gonsalves\AppData\Roaming\SUPERAntiSpyware.com
2012-04-18 22:43 . 2012-04-18 22:44 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-04-18 22:43 . 2012-04-18 22:43 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-04-18 22:43 . 2012-04-18 22:43 16090640 ----a-w- C:\SAS_935F0.EXE
2012-04-18 20:59 . 2012-04-18 20:59 -------- d-----w- c:\users\Don Gonsalves\AppData\Roaming\Malwarebytes
2012-04-18 20:59 . 2012-04-18 20:59 -------- d-----w- c:\programdata\Malwarebytes
2012-04-18 20:59 . 2012-04-18 20:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-18 20:59 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-18 20:56 . 2012-04-18 20:56 10063000 ----a-w- C:\mbam-setup-1.61.0.1400.exe
2012-04-18 20:45 . 2012-04-18 20:45 2072112 ----a-w- C:\TDSSKiller.exe
2012-04-14 13:22 . 2012-04-14 13:22 -------- d-----w- c:\programdata\CanonIJEGV
2012-04-13 07:00 . 2012-03-06 05:59 3958128 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-13 07:00 . 2012-03-06 05:59 3902320 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-12 07:02 . 2012-03-01 05:53 19312 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 07:02 . 2012-03-01 05:45 158720 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-25 21:26 . 2012-03-25 21:26 -------- d-----w- c:\windows\Sun
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-23 01:00 . 2011-04-28 11:18 2639872 ----a-w- c:\windows\explorer.exe
2012-04-23 01:00 . 2010-06-15 23:35 311808 ----a-w- c:\windows\system32\winlogon.exe
2012-04-18 22:23 . 2012-04-18 22:22 2052792 ----a-w- C:\tdsskiller.zip
2012-03-01 05:49 . 2012-04-12 07:02 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 05:40 . 2012-04-12 07:02 5120 ----a-w- c:\windows\system32\wmi.dll
2012-02-28 01:11 . 2012-04-12 07:08 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-22 12:29 . 2011-06-03 10:16 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-22 08:03 . 2012-02-22 08:03 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-02-22 08:03 . 2012-02-22 08:03 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-02-22 08:03 . 2012-02-22 08:03 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-02-22 08:03 . 2012-02-22 08:03 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-02-22 08:03 . 2012-02-22 08:03 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-02-22 08:03 . 2012-02-22 08:03 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-02-22 08:03 . 2012-02-22 08:03 367104 ----a-w- c:\windows\system32\html.iec
2012-02-22 08:03 . 2012-02-22 08:03 161792 ----a-w- c:\windows\system32\msls31.dll
2012-02-22 08:03 . 2012-02-22 08:03 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-02-22 08:03 . 2012-02-22 08:03 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-02-22 08:03 . 2012-02-22 08:03 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-02-22 08:03 . 2012-02-22 08:03 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-02-22 08:03 . 2012-02-22 08:03 152064 ----a-w- c:\windows\system32\wextract.exe
2012-02-22 08:03 . 2012-02-22 08:03 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-02-22 08:03 . 2012-02-22 08:03 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-02-22 08:03 . 2012-02-22 08:03 11776 ----a-w- c:\windows\system32\mshta.exe
2012-02-22 08:03 . 2012-02-22 08:03 101888 ----a-w- c:\windows\system32\admparse.dll
2012-02-15 05:44 . 2012-03-14 11:39 826368 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-15 04:22 . 2012-03-14 11:39 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-15 04:22 . 2012-03-14 11:39 24064 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 05:41 . 2012-03-14 11:39 1074176 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:41 . 2012-03-14 11:39 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-10 05:41 . 2012-03-14 11:39 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-10 05:41 . 2012-03-14 11:39 1170944 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-10 05:41 . 2012-03-14 11:39 739840 ----a-w- c:\windows\system32\d2d1.dll
2012-02-03 04:01 . 2012-03-14 11:39 2341376 ----a-w- c:\windows\system32\win32k.sys
2012-01-25 05:44 . 2012-03-14 11:39 57856 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 05:44 . 2012-03-14 11:39 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 05:40 . 2012-03-14 11:39 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2012-04-23 . DF974BC5437A7FDF82B4523DFCB4456F . 311808 . . [6.1.7600.16385] . . c:\windows\System32\winlogon.exe
[7] 2010-11-20 . 6D13E1406F50C66E2A95D97F22C47560 . 286720 . . [6.1.7601.17514] . . c:\windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[7] 2010-06-15 . 37CDB7E72EB66BA85A87CBE37E7F03FD . 285696 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[7] 2010-06-15 . 3BABE6767C78FBF5FB8435FEED187F30 . 285696 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[7] 2009-07-14 . 8EC6A4AB12B8F3759E21F8E3A388F2CF . 285696 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
.
[-] 2009-07-14 . E1BCFAC40EE52A8B870CDC55A47779CC . 46080 . . [6.1.7600.16385] . . c:\windows\System32\svchost.exe
[7] 2009-07-14 . 54A47F6B5E09A77E61649109C6A08866 . 20992 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
.
[-] 2012-04-23 . C2C701939D4BC20A1BE5E61288CE9BEA . 2639872 . . [6.1.7600.16385] . . c:\windows\explorer.exe
[7] 2011-02-26 . 255CF508D7CFB10E0794D6AC93280BD8 . 2614784 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[7] 2011-02-26 . 2AF58D15EDC06EC6FDACCE1F19482BBF . 2614784 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[7] 2011-02-26 . 0FB9C74046656D1579A64660AD67B746 . 2616320 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[7] 2011-02-25 . 8B88EBBB05A0E56B7DCC708498C02B3E . 2616320 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[7] 2010-11-20 . 40D777B7A95E00593EB1568C68514493 . 2616320 . . [6.1.7600.16385] . . c:\windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[7] 2010-06-15 . 2626FC9755BE22F805D3CFA0CE3EE727 . 2614272 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[7] 2010-06-15 . C76153C7ECA00FA852BB0C193378F917 . 2614272 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
[7] 2010-06-15 . B95EEB0F4E5EFBF1038A35B3351CF047 . 2613248 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[7] 2010-06-15 . 9FF6C4C91A3711C0A3B18F87B08B518D . 2613248 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[7] 2010-06-15 . FC89FACA0473641CB625EDA9277D0885 . 2613248 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_51c00e6ddae85c4b\explorer.exe
[7] 2010-06-15 . 00B0358734CAA32C39D181FE6916B178 . 2613248 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_523cdab8f40fe558\explorer.exe
[7] 2009-07-14 . 15BC38A7492BEFE831966ADB477CF76F . 2613248 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-03-13 01:30 1869152 ----a-w- c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [2012-03-13 1869152]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-06-20 39408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-07 3905920]
"AOL Fast Start"="c:\program files\AOL Desktop 9.6\AOL.EXE" [2011-01-13 42320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-09-12 7739936]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]
"DBRMTray"="c:\dell\DBRM\Reminder\DbrmTrayIcon.exe" [2009-11-12 203776]
"HostManager"="c:\program files\Common Files\AOL\1277647536\ee\AOLSoftware.exe" [2010-03-08 41800]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 170520]
"StrgSync.exe"="c:\program files\StorageSync\StrgSync.exe" [2005-10-08 3032576]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-03-13 982880]
"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-02-01 928096]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"DBRMTray"="c:\dell\DBRM\Reminder\TrayApp.exe" [2010-02-04 7168]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil11f_ActiveX.exe" [2012-02-22 250016]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-02-28 136176]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-09-01 1025352]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-02-28 136176]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-27 1343400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-10-07 230608]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-07-11 295248]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSrv.exe [2009-03-31 81920]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 BPowMon;Broadcom Power monitoring service;c:\program files\Broadcom\BPowMon\BPowMon.exe [2009-08-17 79168]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [2012-03-13 918880]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-11 134736]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-11 24272]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-10-04 16720]
S3 k57nd60x;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2009-08-21 273960]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 579944]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 194408]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 21864]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 19304]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-28 00:19]
.
2012-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-28 00:19]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com
TCP: DhcpNameServer = 192.168.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{BA00B7B1-0351-477A-B948-23E3EE5A73D4}"=hex:51,66,7a,6c,4c,1d,38,12,df,b4,13,be,63,4d,14,02,c6,5e,60,a3,eb,04,37,c0
"{95B7759C-8C7F-4BF1-B163-73684A933233}"=hex:51,66,7a,6c,4c,1d,38,12,f2,76,a4,91,4d,c2,9f,0e,ce,75,30,28,4f,cd,76,27
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}"=hex:51,66,7a,6c,4c,1d,38,12,7c,f0,b1,38,5c,21,3d,0e,d9,78,0d,25,e1,c9,8c,d4
"{3EF64538-8B54-4573-B48F-4D34B0238AB2}"=hex:51,66,7a,6c,4c,1d,38,12,56,46,e5,3a,66,c5,1d,00,cb,99,0e,74,b5,7d,ce,a6
"{6EBF7485-159F-4BFF-A14F-B9E3AAC4465B}"=hex:51,66,7a,6c,4c,1d,38,12,eb,77,ac,6a,ad,5b,91,0e,de,59,fa,a3,af,9a,02,4f
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce,9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:be,78,ea,ac,07,03,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,53,51,94,c9,08,d7,20,4d,8e,5e,b9,\
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,53,51,94,c9,08,d7,20,4d,8e,5e,b9,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,53,51,94,c9,08,d7,20,4d,8e,5e,b9,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Common Files\Motive\McciCMService.exe
c:\windows\system32\taskhost.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\AVG\AVG2012\avgnsx.exe
c:\program files\AVG\AVG2012\avgemcx.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conhost.exe
c:\windows\BCMSMMSG.exe
c:\program files\AOL Desktop 9.6\waol.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\windows\system32\DllHost.exe
c:\program files\AOL Desktop 9.6\shellmon.exe
c:\windows\system32\sppsvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
c:\program files\aol toolbar\aoltbServer.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Google\Google Toolbar\GoogleToolbarUser_32.exe
c:\program files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\aol toolbar\aoltbServer.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Common Files\aol\1277647536\ee\aolupdates.exe
c:\program files\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2012-04-22 21:08:12 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-23 01:08
ComboFix2.txt 2012-04-20 15:19
ComboFix3.txt 2012-04-18 23:49
.
Pre-Run: 206,143,279,104 bytes free
Post-Run: 205,839,876,096 bytes free
.
- - End Of File - - 8EA476B47D0689BABA594771BF3F80F4
Scour redirect virus removal help needed
efgonzo61 replied to efgonzo61's topic in Resolved Malware Removal Logs
Hi Maniac, Did as requested. Below is the ComboFix log. When the machine rebooted I did get an error box with the following info:
C:\windows\system32\GfxUI.exe "Illegal Operation attempted on registry key that has been marked for deletion"
Here is the log:

ComboFix 12-04-20.03 - Don Gonsalves 04/20/2012 10:59:16.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2013.934 [GMT -4:00]
Running from: c:\users\Don Gonsalves\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\iwfnaaa.tmp
c:\users\Don Gonsalves\ComboFix.exe
c:\windows\expl.dat
c:\windows\system32\svch.dat
c:\windows\system32\winl.dat
.
Infected copy of c:\windows\system32\winlogon.exe was found and disinfected
Restored copy from - c:\windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
.
c:\windows\system32\svchost.exe . . . is infected!!
.
Infected copy of c:\windows\explorer.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!winsxs!x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373!explorer.exe
.
Infected copy of c:\windows\system32\winlogon.exe was found and disinfected
Restored copy from - c:\windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
Infected copy of c:\windows\explorer.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy4_!Windows!winsxs!x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373!explorer.exe
.
((((((((((((((((((((((((( Files Created from 2012-03-20 to 2012-04-20 )))))))))))))))))))))))))))))))
.
.
2012-04-20 15:11 . 2012-04-20 15:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-18 22:44 . 2012-04-18 22:44 -------- d-----w- c:\users\Don Gonsalves\AppData\Roaming\SUPERAntiSpyware.com
2012-04-18 22:43 . 2012-04-18 22:44 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-04-18 22:43 . 2012-04-18 22:43 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-04-18 22:43 . 2012-04-18 22:43 16090640 ----a-w- C:\SAS_935F0.EXE
2012-04-18 20:59 . 2012-04-18 20:59 -------- d-----w- c:\users\Don Gonsalves\AppData\Roaming\Malwarebytes
2012-04-18 20:59 . 2012-04-18 20:59 -------- d-----w- c:\programdata\Malwarebytes
2012-04-18 20:59 . 2012-04-18 20:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-18 20:59 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-18 20:56 . 2012-04-18 20:56 10063000 ----a-w- C:\mbam-setup-1.61.0.1400.exe
2012-04-18 20:45 . 2012-04-18 20:45 2072112 ----a-w- C:\TDSSKiller.exe
2012-04-14 13:22 . 2012-04-14 13:22 -------- d-----w- c:\programdata\CanonIJEGV
2012-04-13 07:00 . 2012-03-06 05:59 3958128 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-13 07:00 . 2012-03-06 05:59 3902320 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-12 07:02 . 2012-03-01 05:53 19312 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 07:02 . 2012-03-01 05:49 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 07:02 . 2012-03-01 05:45 158720 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 07:02 . 2012-03-01 05:40 5120 ----a-w- c:\windows\system32\wmi.dll
2012-03-25 21:26 . 2012-03-25 21:26 -------- d-----w- c:\windows\Sun
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-20 15:13 . 2011-04-28 11:18 2639872 ----a-w- c:\windows\explorer.exe
2012-04-20 15:13 . 2010-06-15 23:35 311808 ----a-w- c:\windows\system32\winlogon.exe
2012-04-18 22:23 . 2012-04-18 22:22 2052792 ----a-w- C:\tdsskiller.zip
2012-02-22 12:29 . 2011-06-03 10:16 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-22 08:03 . 2012-02-22 08:03 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-02-22 08:03 . 2012-02-22 08:03 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-02-22 08:03 . 2012-02-22 08:03 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-02-22 08:03 . 2012-02-22 08:03 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-02-22 08:03 . 2012-02-22 08:03 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-02-22 08:03 . 2012-02-22 08:03 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-02-22 08:03 . 2012-02-22 08:03 367104 ----a-w- c:\windows\system32\html.iec
2012-02-22 08:03 . 2012-02-22 08:03 161792 ----a-w- c:\windows\system32\msls31.dll
2012-02-22 08:03 . 2012-02-22 08:03 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-02-22 08:03 . 2012-02-22 08:03 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-02-22 08:03 . 2012-02-22 08:03 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-02-22 08:03 . 2012-02-22 08:03 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-02-22 08:03 . 2012-02-22 08:03 152064 ----a-w- c:\windows\system32\wextract.exe
2012-02-22 08:03 . 2012-02-22 08:03 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-02-22 08:03 . 2012-02-22 08:03 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-02-22 08:03 . 2012-02-22 08:03 11776 ----a-w- c:\windows\system32\mshta.exe
2012-02-22 08:03 . 2012-02-22 08:03 101888 ----a-w- c:\windows\system32\admparse.dll
2012-02-15 05:44 . 2012-03-14 11:39 826368 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-15 04:22 . 2012-03-14 11:39 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-15 04:22 . 2012-03-14 11:39 24064 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 05:41 . 2012-03-14 11:39 1074176 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:41 . 2012-03-14 11:39 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-10 05:41 . 2012-03-14 11:39 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-10 05:41 . 2012-03-14 11:39 1170944 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-10 05:41 . 2012-03-14 11:39 739840 ----a-w- c:\windows\system32\d2d1.dll
2012-02-03 04:01 . 2012-03-14 11:39 2341376 ----a-w- c:\windows\system32\win32k.sys
2012-01-25 05:44 . 2012-03-14 11:39 57856 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 05:44 . 2012-03-14 11:39 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 05:40 . 2012-03-14 11:39 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2012-04-20 . DF974BC5437A7FDF82B4523DFCB4456F . 311808 . . [6.1.7600.16385] . . c:\windows\System32\winlogon.exe
[7] 2010-11-20 . 6D13E1406F50C66E2A95D97F22C47560 . 286720 . . [6.1.7601.17514] . . c:\windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[7] 2010-06-15 . 37CDB7E72EB66BA85A87CBE37E7F03FD . 285696 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[7] 2010-06-15 . 3BABE6767C78FBF5FB8435FEED187F30 . 285696 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[7] 2009-07-14 . 8EC6A4AB12B8F3759E21F8E3A388F2CF . 285696 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
.
[-] 2009-07-14 . E1BCFAC40EE52A8B870CDC55A47779CC . 46080 . . [6.1.7600.16385] . . c:\windows\System32\svchost.exe
[7] 2009-07-14 . 54A47F6B5E09A77E61649109C6A08866 . 20992 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
.
[-] 2012-04-20 . C2C701939D4BC20A1BE5E61288CE9BEA . 2639872 . . [6.1.7600.16385] . . c:\windows\explorer.exe
[7] 2011-02-26 . 255CF508D7CFB10E0794D6AC93280BD8 . 2614784 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[7] 2011-02-26 . 2AF58D15EDC06EC6FDACCE1F19482BBF . 2614784 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[7] 2011-02-26 . 0FB9C74046656D1579A64660AD67B746 . 2616320 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[7] 2011-02-25 . 8B88EBBB05A0E56B7DCC708498C02B3E . 2616320 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[7] 2010-11-20 . 40D777B7A95E00593EB1568C68514493 . 2616320 . . [6.1.7600.16385] . . c:\windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[7] 2010-06-15 . 2626FC9755BE22F805D3CFA0CE3EE727 . 2614272 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[7] 2010-06-15 . C76153C7ECA00FA852BB0C193378F917 . 2614272 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
[7] 2010-06-15 . B95EEB0F4E5EFBF1038A35B3351CF047 . 2613248 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[7] 2010-06-15 . 9FF6C4C91A3711C0A3B18F87B08B518D . 2613248 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[7] 2010-06-15 . FC89FACA0473641CB625EDA9277D0885 . 2613248 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_51c00e6ddae85c4b\explorer.exe
[7] 2010-06-15 . 00B0358734CAA32C39D181FE6916B178 . 2613248 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_523cdab8f40fe558\explorer.exe
[7] 2009-07-14 . 15BC38A7492BEFE831966ADB477CF76F . 2613248 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-03-13 01:30 1869152 ----a-w- c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [2012-03-13 1869152]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-06-20 39408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-07 3905920]
"AOL Fast Start"="c:\program files\AOL Desktop 9.6\AOL.EXE" [2011-01-13 42320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-09-12 7739936]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]
"DBRMTray"="c:\dell\DBRM\Reminder\DbrmTrayIcon.exe" [2009-11-12 203776]
"HostManager"="c:\program files\Common Files\AOL\1277647536\ee\AOLSoftware.exe" [2010-03-08 41800]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 170520]
"StrgSync.exe"="c:\program files\StorageSync\StrgSync.exe" [2005-10-08 3032576]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-03-13 982880]
"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-02-01 928096]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"DBRMTray"="c:\dell\DBRM\Reminder\TrayApp.exe" [2010-02-04 7168]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil11f_ActiveX.exe" [2012-02-22 250016]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-02-28 136176]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-09-01 1025352]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-02-28 136176]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-27 1343400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-10-07 230608]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-07-11 295248]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSrv.exe [2009-03-31 81920]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 BPowMon;Broadcom Power monitoring service;c:\program files\Broadcom\BPowMon\BPowMon.exe [2009-08-17 79168]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [2012-03-13 918880]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-11 134736]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-11 24272]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-10-04 16720]
S3 k57nd60x;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2009-08-21 273960]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 579944]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 194408]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 21864]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 19304]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-28 00:19]
.
2012-04-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-28 00:19]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com
TCP: DhcpNameServer = 192.168.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-Locked - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{BA00B7B1-0351-477A-B948-23E3EE5A73D4}"=hex:51,66,7a,6c,4c,1d,38,12,df,b4,13,
  be,63,4d,14,02,c6,5e,60,a3,eb,04,37,c0
"{95B7759C-8C7F-4BF1-B163-73684A933233}"=hex:51,66,7a,6c,4c,1d,38,12,f2,76,a4,
  91,4d,c2,9f,0e,ce,75,30,28,4f,cd,76,27
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
  27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
  1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}"=hex:51,66,7a,6c,4c,1d,38,12,7c,f0,b1,
  38,5c,21,3d,0e,d9,78,0d,25,e1,c9,8c,d4
"{3EF64538-8B54-4573-B48F-4D34B0238AB2}"=hex:51,66,7a,6c,4c,1d,38,12,56,46,e5,
  3a,66,c5,1d,00,cb,99,0e,74,b5,7d,ce,a6
"{6EBF7485-159F-4BFF-A14F-B9E3AAC4465B}"=hex:51,66,7a,6c,4c,1d,38,12,eb,77,ac,
  6a,ad,5b,91,0e,de,59,fa,a3,af,9a,02,4f
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
  94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce,
  9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
  ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
  df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:be,78,ea,ac,07,03,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,53,51,94,c9,08,d7,20,4d,8e,5e,b9,\
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,53,51,94,c9,08,d7,20,4d,8e,5e,b9,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,53,51,94,c9,08,d7,20,4d,8e,5e,b9,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\AVG\AVG2012\avgnsx.exe
c:\program files\AVG\AVG2012\avgemcx.exe
c:\windows\system32\conhost.exe
c:\windows\BCMSMMSG.exe
c:\program files\AOL Desktop 9.6\waol.exe
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\AOL Desktop 9.6\shellmon.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\DllHost.exe
.
**************************************************************************
.
Completion time: 2012-04-20 11:19:06 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-20 15:19
ComboFix2.txt 2012-04-18 23:49
.
Pre-Run: 202,121,179,136 bytes free
Post-Run: 201,840,066,560 bytes free
.
- - End Of File - - 98FD881016D11EACAA3F228A143DF30E
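The Sigcheck section of the log above lists, for each system binary ComboFix flagged, the live copy in System32 and every reference copy it found under WinSxS or SoftwareDistribution, one record per line in the form "[flag] date . MD5 . size . . [file version] . . path". The live winlogon.exe, svchost.exe and explorer.exe carry "[-]" while every reference copy carries "[7]"; the live files also report the same version string as the clean copies yet are larger than all of them, which is the pattern of a file infector that preserves the version resource. The following Python parser is an added example, not part of the original post and not ComboFix's own code: it reads a Sigcheck block and flags any unsigned live copy whose size matches none of the signed copies of the same binary. The sample input is excerpted from the Sigcheck lines above (winlogon.exe and svchost.exe complete, explorer.exe trimmed to three of its lines); the reading of "[-]" as "no valid signature" and of any other flag as "passed", the function names, and the size heuristic are my assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: Sigcheck lines excerpted from the ComboFix log in the
# post above (winlogon.exe and svchost.exe complete; explorer.exe trimmed to
# the live file plus two of its signed reference copies).
SIGCHECK_SAMPLE = r"""
[-] 2012-04-20 . DF974BC5437A7FDF82B4523DFCB4456F . 311808 . . [6.1.7600.16385] . . c:\windows\System32\winlogon.exe
[7] 2010-11-20 . 6D13E1406F50C66E2A95D97F22C47560 . 286720 . . [6.1.7601.17514] . . c:\windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[7] 2010-06-15 . 37CDB7E72EB66BA85A87CBE37E7F03FD . 285696 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[7] 2010-06-15 . 3BABE6767C78FBF5FB8435FEED187F30 . 285696 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[7] 2009-07-14 . 8EC6A4AB12B8F3759E21F8E3A388F2CF . 285696 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
.
[-] 2009-07-14 . E1BCFAC40EE52A8B870CDC55A47779CC . 46080 . . [6.1.7600.16385] . . c:\windows\System32\svchost.exe
[7] 2009-07-14 . 54A47F6B5E09A77E61649109C6A08866 . 20992 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
.
[-] 2012-04-20 . C2C701939D4BC20A1BE5E61288CE9BEA . 2639872 . . [6.1.7600.16385] . . c:\windows\explorer.exe
[7] 2011-02-26 . 255CF508D7CFB10E0794D6AC93280BD8 . 2614784 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[7] 2009-07-14 . 15BC38A7492BEFE831966ADB477CF76F . 2613248 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
"""

# One Sigcheck record: "[flag] date . MD5 . size . . [file version] . . path".
# Assumption: "[-]" means the file carried no valid signature; any other flag
# (here "[7]") means the copy passed ComboFix's signature check.
SIGCHECK_LINE = re.compile(
    r"^\[(?P<flag>[^\]]+)\] (?P<date>\d{4}-\d{2}-\d{2}) \. (?P<md5>[0-9A-Fa-f]{32}) \. "
    r"(?P<size>\d+) \. \. \[(?P<version>[^\]]*)\] \. \. (?P<path>\S.*)$"
)


def parse_sigcheck(text):
    """Parse a ComboFix Sigcheck block into a list of dicts, skipping the
    "." spacer lines and anything else that is not a record."""
    entries = []
    for raw in text.splitlines():
        m = SIGCHECK_LINE.match(raw.strip())
        if not m:
            continue
        rec = m.groupdict()
        rec["size"] = int(rec["size"])
        rec["signed"] = rec["flag"] != "-"
        rec["name"] = rec["path"].rsplit("\\", 1)[-1].lower()
        entries.append(rec)
    return entries


def flag_tampered(entries):
    """Group records by file name and report each unsigned copy whose size
    matches none of the signed copies of that binary.

    The size test is what makes the unsigned flag worth acting on: the log's
    own note says unsigned files are not necessarily malware, and the version
    string alone proves nothing because an infector can leave the version
    resource intact. A live binary that is unsigned and does not match the
    size of any signed reference copy is a much stronger tamper indicator.
    """
    by_name = defaultdict(list)
    for rec in entries:
        by_name[rec["name"]].append(rec)

    findings = {}
    for name, group in by_name.items():
        signed_sizes = sorted({r["size"] for r in group if r["signed"]})
        if not signed_sizes:
            continue  # nothing trustworthy to compare against
        for rec in group:
            if rec["signed"] or rec["size"] in signed_sizes:
                continue
            findings[name] = {
                "path": rec["path"],
                "md5": rec["md5"],
                "version": rec["version"],
                "live_size": rec["size"],
                "signed_sizes": signed_sizes,
                # Bytes the live file carries beyond each signed copy. The same
                # delta recurring across unrelated binaries suggests a single
                # appended payload rather than coincidental version drift.
                "size_deltas": sorted(rec["size"] - s for s in signed_sizes),
            }
    return findings


if __name__ == "__main__":
    for name, f in flag_tampered(parse_sigcheck(SIGCHECK_SAMPLE)).items():
        print(f"{name}: unsigned {f['path']} ({f['live_size']} bytes, MD5 {f['md5']})"
              f" vs signed copies {f['signed_sizes']}; extra bytes {f['size_deltas']}")
```

Run against the excerpt, all three live binaries are reported, and each of them is 25088 bytes larger than at least one signed copy of the same name. To use it on a fresh case, paste the whole "------- Sigcheck -------" block of a ComboFix log in place of the sample; the parser ignores the header, the note line and the "." spacers.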